Detailed instructions for use are in the User's Guide.
[. . . ] novdocx (en) 22 June 2009
Novell Sentinel Log Manager 1.0.0.4 Release Notes
Novell®
February 08, 2010
Novell® Sentinel™ Log Manager collects data from a wide variety of devices and applications, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus event sources. Novell Sentinel Log Manager provides high event-rate processing, long-term data retention, regional data aggregation, and simple searching and reporting functionality for a broad range of applications and devices.
Section 1, "What's New in Novell Sentinel Log Manager"
Section 2, "System Requirements"
Section 3, "Prerequisite"
Section 4, "Installation"
Section 5, "Issues Fixed"
Section 6, "Known Issues"
Section 7, "Documentation Conventions"
Section 8, "Legal Notices"
1 What's New in Novell Sentinel Log Manager
The following sections list the new and enhanced features of Novell Sentinel Log Manager.
Section 1.1, "What's New in Novell Sentinel Log Manager 1.0.0.4"
Section 1.2, "Novell Sentinel Log Manager 1.0 Features"
Section 1.3, "New Plug-Ins"
1.1 What's New in Novell Sentinel Log Manager 1.0.0.4
"New Data Collection User Interface"
"LDAP Authentication"
"Enhancements to the Search Result User Interface"
"New User Interface for Actions"
"Enhancement to the Admin User Interface"
1.1.1 New Data Collection User Interface
The new and enhanced data collection user interface enables you to perform several new tasks:
Refine all the event sources by using the new Event Sources screen.
Start and stop the audit and syslog event source server by using the new Event Source Servers tab.
Set the time zone for event sources.
Search for events that are coming from one or many event sources.
For more information about data collection configuration, see "Configuring Data Collection" in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.1.2 LDAP Authentication
Sentinel Log Manager now supports LDAP authentication in addition to database authentication.
[. . . ]
Fixed: The ESM user interface now works fine if many event sources are configured.
527007
Issue: To turn on or off the data logging for all of the operating system event sources and all of the Application collectors, a Data logging (All) On and Off option is required for the APPLICATIONS and OS tables under the Collection > Syslog Server tab. Fixed: To turn on or off the data logging for all of the operating system event sources and all of the Application collectors, a Data logging (All) On and Off option is provided for the APPLICATIONS and OS tables under the Collection > Syslog Server tab.
5.2.1 Enhancement
Top N type reports are now supported. A Top N type report named All Vendors All Products Top 10 Report is installed with this hotfix and is available as a Visualization from the Search Save As Report dialog as well as from the main report list. This report provides an easy way to view a dashboard of the most frequent activity being monitored by Sentinel Log Manager.
5.3 Issues Fixed in Sentinel Log Manager 1.0.0.2 Release
This section lists the issues fixed in Novell Sentinel Log Manager 1.0.0.2 Release.
Table 4 Issues fixed in Sentinel Log Manager 1.0.0.2 Release
Issues Fixed
Description
537273
Issue: A non-admin user is able to log in to the Event Source Management interface by using a cached ESM jnlp file. Fixed: Only an authorized admin user can log in to the Event Source Management interface.
536377
Issue: Lucene indexes are not being committed on a timely basis. Fixed: Lucene indexes are now being committed on a timely basis - once a minute.
535736
Issue: The Rule user interface does not perform the filter validation. Fixed: The specified filter value is validated by the Rule user interface.
536589
Issue: IndexedLogComponent can get stuck on deactivate when shutting down under heavy load (high EPS). Fixed: IndexedLogComponent will now shut down gracefully under heavy load.
540119
Issue: When the Sentinel Log Manager server runs for many days (for example, 25-40 days), it stores a huge amount of EPS data, which is generated over time. This EPS information is transferred to the Tomcat server in a verbose format, so it consumes a lot of memory, and parsing the EPS data causes an out-of-memory condition at the Tomcat server. Fixed: The EPS data is now transferred in a more compact format from the Sentinel Log Manager server to the Tomcat server.
541858
Issue: A few events that are generated on a remote Collector Manager do not get displayed on the Sentinel Log Manager server. Fixed: All the events that are generated on a remote Collector Manager will be displayed on the Sentinel Log Manager server as expected.
543029
Issue: When one Sentinel Log Manager is configured with multiple Collector Managers, on changing a Collector for an event source under the Collection > Syslog Server tab, the Collector and the event source get assigned to the wrong Collector Manager. Fixed: On changing a Collector for an event source under the Collection > Syslog Server tab, the Collector and the event source will be assigned to their respective Collector Manager.
5.4 Issues Fixed in Sentinel Log Manager 1.0.0.1 Release
This section lists the issues fixed in Novell Sentinel Log Manager 1.0.0.1 Release.
Table 5 Issues fixed in Sentinel Log Manager 1.0.0.1 Release
Issues Fixed
Description
527031
Issue: If the browser and the server are running in different time zones, the dates in the search results are not displaying correctly. Fixed: The dates in the search results are now displayed in the local timezone of the browser, regardless of which timezone the server is running in.
527006
Issue: The values in all of the drop-down boxes in the raw data download page should be sorted alphabetically. Fixed: The values in the drop-down box appear in alphabetical order.
526143
Issue: The communication links between the Sentinel Log Manager server and either Tomcat or Collector Managers do not always recover when the link is dropped temporarily. The link may get dropped temporarily due to network outage, system load, or a variety of other reasons. If this occurs to the link with Tomcat, the Web Server becomes unresponsive. If this occurs to the link with Collector Managers, data from the Collector Managers no longer flows to the Sentinel Log Manager, although the data is cached on the Collector Manager file system. Fixed: The communication links between the Sentinel Log Manager server and either Tomcat or Collector Managers recover even when the link is dropped temporarily.
526119
Issue: Online data storage graphs are not displayed when the NFS archive location is unshared. Fixed: The Online data storage graphs are displayed even if the archive location is not accessible.
524994
Issue: In the Internet Explorer 8 browser, an error message is displayed on entering search criteria and pressing Enter instead of clicking the Search button. Fixed: The search results appear as expected.
525099
Issue: Sentinel Log Manager does not need to listen on port 1099. Fixed: Sentinel Log Manager does not listen on port 1099.
525075
Issue: On the Firefox browser, if you log in to Sentinel Log Manager with the Administrator or Report Administrator credentials, perform a self edit, and save the user details twice, then by default it takes the Auditor permission.
[. . . ]
To determine if the Integrator thread is started, search for a message in the log that indicates that the Integrator has started. It will be logged by the StoreAndForward logger (esecurity.ccs.comp.Integrator.slink.StoreAndForward), and will have a message similar to the following:
Thread processing messages from store and forward queue starting up.
or
SentinelLinkStoreAndForward thread starting up.
NOTE: The actual message might change, so search for messages logged by the StoreAndForward logger.
526364
Issue: Some connector documentation has the wrong version of the connector stated in the documentation. For example, the documentation may say 6r5 when the version of the connector is really 6r6. [. . . ]